This Privacy Policy explains what personal data Nothing2Wear (“Nothing2Wear”, “we”, “us”) collects, why, who we share it with, and the choices and rights you have. We built Nothing2Wear to be privacy-forward: sensitive free-text never leaves your device, and the personal data we do store is encrypted.
Nothing2Wear is an AI-assisted outfit-planning application. Nothing2Wear is the entity responsible for the personal data described here (the “data controller”, and the “data fiduciary” under India’s Digital Personal Data Protection Act, 2023). The Service is operated from the United States and is currently distributed as a limited private alpha to a small group of invited testers in the United States and India.
Questions or requests about your data: privacy@nothingtowear.app.
We collect the following categories of personal data. Fields marked sensitive are special-category data and are collected only with your explicit consent (see section 3).
| Category | Source | Examples |
|---|---|---|
| Account & identity | You, via Firebase sign-in | Email address, full name, date of birth (for age verification), authentication identifier |
| Profile | You | Gender, physique, home city |
| Sensitive profile | You (optional) | Skin tone, ethnicity |
| Photos | You (optional) | Profile photo and wardrobe/garment photos, which may contain images of people including faces |
| Wardrobe & planning | You | Clothing items, trips, packing lists, outfit selections and edits |
| AI-derived data | Generated by the service | Anonymized fashion tags (vibe, formality, climate), style preferences, wardrobe confidence signals |
| Usage & diagnostics | Automatic | Feature usage, interaction events, performance metrics, error logs, AI request traces (with personal text removed) |
| Device | Automatic | Push-notification token (Firebase Cloud Messaging) |
Skin tone, ethnicity, and photos that may reveal racial or ethnic information are “special-category” data. We process them only on the basis of your explicit consent (GDPR Article 9(2)(a)), which you give during onboarding and can withdraw at any time. We use them solely to personalize outfit and color recommendations for you. If you withdraw consent, we stop using this data and you can delete it from the app. Providing this data is entirely optional — the app works without it.
| Purpose | Data used | Legal basis (GDPR Art. 6/9) |
|---|---|---|
| Provide the outfit-planning service and your account | Account, profile, wardrobe | Performance of a contract (Art. 6(1)(b)) |
| Personalize styling using sensitive attributes & photos | Skin tone, ethnicity, photos | Explicit consent (Art. 9(2)(a)) |
| AI wardrobe profiling (optional) | Interactions, fashion tags | Consent (Art. 6(1)(a)) — toggleable |
| Usage analytics (optional) | Anonymized usage events | Consent (Art. 6(1)(a)) — toggleable |
| Marketing communications (optional) | | Consent (Art. 6(1)(a)) — toggleable |
| Security, debugging, service quality | Diagnostics, traces | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal obligations & prove consent | Consent audit records | Legal obligation (Art. 6(1)(c)) |
You can change the optional consents (AI profiling, analytics, marketing) at any time in Settings → Privacy & Data.
Outfit and packing suggestions are generated by an artificial-intelligence system (Google Gemini), and we use image-embedding models (Google Vertex AI) to match garments. You are interacting with an AI system, and its suggestions are recommendations, not professional advice. These recommendations do not produce legal or similarly significant effects about you, and we do not make decisions about you based solely on automated processing (GDPR Article 22). See our Terms of Service for the full AI disclaimer.
Before any free-text you write is sent to an AI model, it is processed on your device to strip out personal details — names, addresses, contact details, medical or other identifying information. Only generic fashion context (for example, “smart-casual, warm climate”) is transmitted. Your raw text is not stored on our servers and is not sent to third parties.
We do not sell your personal data. We share it with the following service providers (“processors”) strictly to operate Nothing2Wear, under contractual data-protection terms:
| Provider | Purpose | Data shared | Region |
|---|---|---|---|
| Google Cloud — Gemini API | AI outfit/packing recommendations | Sanitized fashion context only | United States |
| Google Cloud — Vertex AI | Image/text embeddings | Garment data | United States |
| Google Maps Platform | Location/weather context | City name, coordinates | United States |
| Firebase Authentication (Google) | Sign-in & account security | Email, sign-in identity | United States |
| Firebase Cloud Messaging (Google) | Push notifications | Device token | United States |
| Google Cloud Platform | Hosting, database, file storage, encryption keys | Encrypted application data | United States (us-east1) |
| Langfuse | Service-quality monitoring of AI requests | Sanitized AI traces, performance metrics | United States |
Google does not use your inputs sent via these APIs to train its models. Our use of Google Maps is additionally subject to the Google Maps/Google Earth Additional Terms of Service, and Google’s handling of data is governed by the Google Privacy Policy.
Our service providers are located in the United States, so if you use Nothing2Wear from outside the United States (for example, from India), your personal data is transferred to and processed in the U.S. We rely on appropriate contractual safeguards — such as Standard Contractual Clauses and the data-protection terms offered by our providers — to protect this data in transit and at rest.
| Data | Retention |
|---|---|
| Account, profile, wardrobe data | Until you delete your account |
| Account deletion request | Permanently erased after a 48-hour cancellation window |
| Account deactivation | Retained up to 30 days, then permanently erased |
| AI request traces (Langfuse) | 90 days, then automatically deleted |
| Consent records (proof of consent) | Retained after account deletion as required for legal compliance (GDPR Art. 7) |
We protect your data with industry-standard measures, including envelope encryption (AES-256-GCM via Google Cloud KMS) for personal and sensitive fields at rest, strict per-user database access isolation, and the on-device sanitization described above. No system is perfectly secure, but we work to protect your information and to limit who and what can access it.
Depending on where you live, you have rights over your personal data, including the right to:
We aim to respond to requests within one month. You also have the right to complain to your local data protection authority. To exercise any right, use the in-app tools or contact privacy@nothingtowear.app.
Nothing2Wear is not directed to children. You must be at least 16 years old to use it. We do not knowingly collect personal data — and never knowingly collect special-category data — from children. If you believe a child has provided us data, contact us and we will delete it.
United States. If you are a California resident (CCPA/CPRA) or are covered by another U.S. state privacy law, you have the right to know the categories of personal information we collect (see section 2), to request access, deletion, and correction, and to not be discriminated against for exercising these rights. We do not sell or “share” your personal information for cross-context behavioral advertising.
India. If you are in India, the Digital Personal Data Protection Act, 2023 (DPDP Act) applies. You have the right to access, correct, and erase your personal data, to withdraw consent as easily as you gave it, to nominate another person to exercise your rights on your behalf, and to grievance redressal. Please contact us first with any grievance; you may also escalate to the Data Protection Board of India.
Submit requests via the in-app tools or privacy@nothingtowear.app.
We may update this policy as the app evolves. We will revise the “Last updated” date and version number above. For material changes — especially to how we handle special-category data — we will ask you to review and re-accept the updated policy in the app before you continue.
Nothing2Wear · privacy@nothingtowear.app